package com.cyj.dream.visual.monitor.config;

import de.codecentric.boot.admin.server.config.AdminServerProperties;
import io.swagger.models.HttpMethod;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

/**
 * @Description: Web权限配置
 * @BelongsProject: DreamChardonnay
 * @BelongsPackage: com.cyj.dream.visual.monitor.config
 * @Author: ChenYongJia
 * @CreateTime: 2021-09-29 10:38
 * @Email: chen87647213@163.com
 * @Version: 1.0
 */
@Slf4j
@Configuration
@Order(0)
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    private final AdminServerProperties adminContextPath;

    public WebSecurityConfigurer(AdminServerProperties adminContextPath) {
        this.adminContextPath = adminContextPath;
    }

    /**
     * WebSecurity 权限配置
     *
     * @param http 权限http
     * @return
     * @author ChenYongJia
     * @date 10:40 2021/9/29
     */
    @Override
    //@SneakyThrows
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(this.adminContextPath.getContextPath() + "/");

        //配置允许的请求以及跨域问题
        http.authorizeRequests()
                .antMatchers(this.adminContextPath.getContextPath() + "/assets/**").permitAll()
                // 所有请求都可以访问，本地开发打开下面一行的注释
                //.antMatchers("/**").permitAll()
                //不进行权限验证的请求或资源(从配置文件中读取)，本地开发可以，将本行注释掉
                .antMatchers(this.adminContextPath.getContextPath() + "/login").permitAll()
                .antMatchers("/**")
                .fullyAuthenticated()
                .and()
                .csrf()
                .disable()
                // 配置登录地址
                .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
                //配置登出地址
                .logout()
                // /userInfo/loginOutByToken
                .logoutUrl("/logout")
                .and()
                // 开启跨域
                .cors()
                .and()
                // 取消跨站请求伪造防护
                .csrf()
                .ignoringRequestMatchers(
                        new AntPathRequestMatcher(this.adminContextPath.getContextPath() +
                                "/instances", HttpMethod.POST.toString()),
                        new AntPathRequestMatcher(this.adminContextPath.getContextPath() +
                                "/instances/*", HttpMethod.DELETE.toString()),
                        new AntPathRequestMatcher(this.adminContextPath.getContextPath() + "/actuator/**"))
                .disable();
        // @formatter:on
    }

    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/actuator/**");
    }

}
